Efficiently storing and modifying a reorderable data structure in a database

I’m trying to create a list curation web app. One thing that’s important to me is being able to drag-and-drop reorder items in the list easily. At first I thought I could just store the order of each item, but with the reordering requirements, that would mean renumbering everything with a higher order (down the list) than the place where you removed or where you inserted the moved item. So I started looking at data structures that were friendly to reordering, or to both deletion and insertion. I’m looking at binary trees, probably red-black trees or something like that. I feel like I could with great effort probably implement the algorithms for manipulating those.

So here’s my actual question. All the tree tutorials assume you’re creating these trees in memory, usually through instantiating a simple Node class or whatever. But I’m going to be using a database to persist these structures, right? So one issue is how do I represent this data, which is kind of a broad question, sure. I would like to not have to read the whole tree from the database to update the order of one item in the list. But then again if I have to modify a lot of nodes that are stored as separate documents, that’s going to be expensive too, even if I have an index on the relevant fields, right? Like, every time I need to manipulate a node I need to actually find it in the database first, I think.

Also, I obviously need the content and order of each node on the front end in order to display the list, but do I need the client to know the whole tree structure in order to be able to send updates to the server, or can I just send the item id and its new position in the list or something?

I’m sorry if this veers too practical but I thought someone might want to take a crack at it.

Storing the password to a vault in the vault itself?

Is there an additional risk associated with storing the master password to a vault inside the vault itself?

I would assume not, since in order to decrypt the vault you must already have that password. But maybe I’m missing something?

And without reuse concerns, anything that can steal the password from the unlocked vault can also just steal the vault itself, so no additional information is being exposed that way.

As to why, besides academic curiosity, I’ve also noticed that sometimes the web version of the vault does not automatically log me in, even if the native app is unlocked. So adding the vault password would simplify that process.

Storing private keys for updates to remote device

I’m reading up on how to perform signed updates for remote hardware devices. I need to check if the new software has been generated by a "trusted" source, ie me.

Based on my understanding of asymmetric cryptography I understand that I can embed a public key on all my devices and then any new software that needs to be updated on the device, needs to have a signed hash in a header that I could check against. I’m all onboard until this part, and it sounds great for secure updates, but I’m wondering how one would securely store the private key. Say I built 1M units. All have the public key programmed on them. If my private key is lost for whatever reason, I lose the ability to update any of these devices. It sounds like the jugular vein. Should I accept storing private keys very safely as a cost of doing business, or is there a better way to handle this case?

benefits of storing columns in JSON instead of traditional tables?

Are there any benefits in using JSON over traditional table structures?

Imagine having a table structure like this:

 create table table1 (         t_id int,         first_name varchar(20),         last_name varchar(20),         age int     ) 

What if you stored the same columns inside a json like this:

{     "first_name":"name",     "last_name":"name",     "age":2 } 

and have a table like this:

create table table2 (     t_id int,     attribute jsonb ) 

Correct me if im wrong, but since both variants are causing a row to be completely rewritten if there have been any updates or deletes on that row, then both variants are identical in that regard.

Is storing data that can be inferred go against data normalization?

To simplify lets say I have two tables PROJECTS and JOBS. A user creates a project and runs 1 or more jobs using a project.

So it would possible look something like this:


  • [PK] project_id
  • etc.


  • [PK] job_id
  • [FK] project_id
  • job_run_date
  • etc.

Ideally I want to be able to list all projects by last used (last job run) and display them to the user. When I create a job, I can insert the job then update the project entry to have a last used; or I can just have it insert the job, then when I’m displaying all projects, I can do a join and aggregation with JOBS to get the last used date.

I figure, the drawback of the join is that as you have more jobs, performance may be slowly impacted over time to do the joins and aggregations. Whereas, being somewhat redundant increases the chance of a transaction failure and wastes a bit of space.

If I were to choose the update both tables (i.e. have a last_used` column in PROJECTS), would that be going against normalization (or good db design practices)?

Need of Encryption for storing Health Infromation

I am managing development of a platform for health service providers and thus, it houses health information about patients registered. The patient register themselves on the system and maintain their profiles. This system needs to be compliant to HIPAA requirements.

The specifications dictate asymmetric + symmetric encryption for transit or end to end encryption.

I have some questions:

  1. Can a case be made for added asymmetric + symmetric encryption of data in transit over TLS v1.3?
  2. Can PHI be stored anonymously somehow so we can analyze it and opt out of explicit encryption? That necessitates handling/control logic of that data to be in client apps.
  3. Can we have permanently assigned, unchanging asymmetric keys for users? If not, for how long can we have them safely? How do these changing keys work with already encrypted data?

What is your spellcasting ability when casting a spell from a Ring of Spell Storing?

The Ring of Spell Storing states (emphasis mine):

[…] While wearing this ring, you can cast any spell stored in it. The spell uses the slot level, spell save DC, spell attack bonus, and spellcasting ability of the original caster, but is otherwise treated as if you cast the spell. […]

So say somebody has acquired such a ring and casts counterspell or dispel magic using it, or is targeted by the Arcane Trickster Rogue’s Spell Thief feature:

[…] If it is casting a spell of 4th level or higher, make an ability check using your spellcasting ability. […]

[…] For each spell of 4th level or higher on the target, make an ability check using your spellcasting ability. The DC equals 10 + the spell’s level. […]

[…] Immediately after a creature casts a spell that targets you or includes you in its area of effect, you can use your reaction to force the creature to make a saving throw with its spellcasting ability modifier. […]

What would “your” or “its” spellcasting ability modifier actually be? Do you use the modifier of whoever put that spell into the ring? Does anything change if you have levels in zero, one, or two classes that can cast spells?

Some related questions:

  • What is the spell attack bonus and spell save DC of a Thief using the Use Magic Device feature?
  • What is the spellcasting ability of a Barbarian Totem Warrior?
  • For the Ring of Shooting Stars, what is the spell save DC of Faerie Fire?
  • What is the spell save DC for this magic item from Waterdeep: Dungeon of the Mad Mage?
  • What is the Wand of Paralysis' Saving Throw?
  • Do racial/feat/non-Spellcasting classes' spellcasting abilities count as a spellcasting ability for Staff of Power?

I believe my question is a bit different from these previous ones because the Ring of Spell Storing explicitly says that the spell uses the original caster’s spellcasting ability and not the spellcasting ability of whatever creature is actually using the ring.

Do class or subclass features that affect spellcasting apply when casting a spell from an Artificer’s Spell Storing Item?

In my recent question about a homebrewed Artificer subclass, I was asked in a comment how one of the abilities that modifies spellcasting would interact with casting spells stored within a my subclass’s variant version of the Spell Storing Item feature that all Artificers get. I’d not considered it before, but I suspect it should work the same as a normal spell cast from a normal Spell Storing Item.

But as it turns out, I’m not actually sure how that works for normal Artificers either. Here’s the relevant rules text for Spell Storing Item (from Eberon: Rising from the Last War, page 58):

While holding the object, a creature can take an action to produce the spell’s effect from it, using your spellcasting ability modifier. If the spell requires concentration, the creature must concentrate.

Notable in that rules text is that it does not say that the creature using the object casts the spell, only that it produces the spell’s effect. This seems relevant because the top voted answers to this previous question seem to mostly attach to the “cast” terminology used by most magical items that grant extra spells.

In combination with the answers to that question, it seems like the different language (not using “cast”) may mean that using a Spell Storing Item isn’t spellcasting, and so no feature that modifies spellcasting will apply. But there’s enough ambiguity that I want to ask about it here. Do an artificer’s spellcasting features apply spells they store in an item? Do spellcasting-related features of the creature using the Spell Storing Item (which may or may not be the Artificer themself) apply?

For a concrete example, if an Artillerist stores Scorching Ray in a wand, staff or rod that they had previously made their Arcane Firearm, would they get an get an extra d8 to add to one of the spell’s damage rolls when they use the stored spell?

Password Vault Storing Passwords

I’ve been working on just a fun side project in C++ to practice encryption algorithms and I sort of ran into a bit of a roadblock of sorts. To summarize the project I have a text file of encrypted passwords and sites the passwords are for, the user logs in and the encrypted information is stored into a list. Simple enough. The log in works just fine and is as close to using a hash function as I care to try for as small a project as I’d like this to be. My main problem is this :

When I want to show the user their password, I need to decrypt it. How do I pass the key to the decryption algorithm without having it stored in at least RAM? Because I have a encrypted version of the key stored in the text file as well and relies on the hash being correct for the key to be decrypted. But I don’t want the user to enter their information again to get the password after they already logged in. So how should I go about this? Should I save the key once I can decrypt it with the users information? Or should is there some solution that is escaping me? Thanks for any help!

is it safe to implement custom way of storing cookie in android?

i want to store session information in android application temporarily (as long as application is running). i am sending real-time data to node.js server from android client using Custom Protocol (over UDP). Along with this data i will send cookie (or session string unique to each user) to server for further processing. is this a safe way to store cookie in ram. Is this safe for users?

I am new to this security stuff so i want help. if i have missed any information i am willing to add it.